More stories

  • in

    Rampant Identity Theft Is Taxing the I.R.S.

    The National Taxpayer Advocate criticized the agency for being too slow to resolve cases, leaving victims waiting years for their refunds.Rampant identity theft has overwhelmed the Internal Revenue Service, resulting in a backlog of 500,000 unresolved fraud cases, leaving taxpayers without refunds and credits that they are due, the agency’s watchdog wrote in a report to Congress on Wednesday.The report by the National Taxpayer Advocate described the slow pace of addressing the identity theft cases as a “blemish” on the performance of the I.R.S., which is in the midst of a sweeping modernization campaign that aims to improve taxpayer services. While the I.R.S. was criticized by the watchdog for identify theft delays last year, the backlog has gotten only worse.The I.R.S. is taking nearly two years to resolve identity theft victims’ assistance cases and has an inventory of approximately 500,000 cases, up from 484,000 cases in September.“I.R.S. delays in resolving identity theft victim assistance cases are unconscionable,” Erin Collins, the taxpayer advocate, wrote in the report.Calling on the agency to prioritize assistance for victims, she added: “Delays of nearly two years make a mockery of the right to quality service in the Taxpayer Bill of Rights.” The backlog of cases is likely to give congressional Republicans more fodder to criticize the I.R.S. and to call for cleaving back more of the $80 billion in funding that the agency received through the Inflation Reduction Act of 2022. Critics of the agency have been arguing that it is bloated and failing to put that money to good use.Identity theft has long been a problem for the I.R.S. Criminals often steal taxpayers’ identifying information and file paperwork to fraudulently claim their refund. Taxpayers realize this only when they try to claim their refund, leading to a laborious process in which they have to submit an identity theft affidavit and a paper tax return before the agency will open a case to investigate the matter.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

  • in

    Ticketmaster Confirms Data Breach. Here’s What to Know.

    The hacking group ShinyHunters has claimed responsibility for stealing the user information of more than 500 million Ticketmaster customers.Ticketmaster confirmed in a federal filing on Friday that it was investigating a data breach after a hacking group known as ShinyHunters claimed responsibility for stealing the information of more than 500 million Ticketmaster customers.In the filing, with the U.S. Securities and Exchange Commission, Ticketmaster’s parent company, Live Nation Entertainment, said it had “identified unauthorized activity within a third-party cloud database environment.”Who is behind the breach?ShinyHunters, a hacker group believed to have been formed around 2020, is believed to have been behind the breach.Brett Callow, a threat analyst with the cybersecurity company Emsisoft, said it was a “credible threat actor,” though not much more was known about the group.Its chief aim appears to be to obtain personal records and sell them.Its past victims have included Microsoft and AT&T, among dozens of other companies in the United States and elsewhere, according to federal prosecutors.In March, AT&T confirmed a breach in a news release and said it had affected roughly 70 million past or present customers.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

  • in

    AT&T Passcodes for Millions Are Reset After Leak of Customer Records

    Nearly eight million customers and 65.4 million former account holders were affected by the data breach, the company said.The telecommunications giant AT&T announced on Saturday that it had reset the passcodes of 7.6 million customers after it determined that compromised customer data was “released on the dark web.”“Our internal teams are working with external cybersecurity experts to analyze the situation,” AT&T said. “To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history.”The company said that “information varied by customer and account,” but that it may have included a person’s full name, email address, mailing address, phone number, Social Security number, date of birth, AT&T account number and passcode.In addition to those 7.6 million customers, 65.4 million former account holders were also affected.The company said it would be “reaching out to individuals with compromised sensitive personal information separately and offering complimentary identity theft and credit monitoring services.”AT&T said it reset the passcodes for those affected and directed customers to a site with details about how to reset them. It also said that it was starting a “robust investigation supported by internal and external cybersecurity experts.”A company representative did not address specific questions about how the breach happened or why it went unnoticed for so long.TechCrunch, which first reported on the passcode reset, said it informed AT&T on Monday that “the leaked data contained encrypted passcodes that could be used to access AT&T customer accounts.”TechCrunch said it delayed publishing its article until the company “could begin resetting customer account passcodes.”In its report, TechCrunch said that “this is the first time that AT&T has acknowledged that the leaked data belongs to its customers, some three years after a hacker claimed the theft of 73 million AT&T customer records.”AT&T had previously denied a breach of its systems but how the leak happened was unclear, TechCrunch reported.AT&T said that it did not know whether the leaked data “originated from AT&T or one of its vendors” and that it “does not have evidence of unauthorized access to its systems resulting in theft of the data set.”The episode comes after AT&T customers experienced a widespread outage last month that temporarily cut off connections for users across the United States for several hours. The Feb. 22 outage affected customer in cities including Atlanta, Los Angeles and New York.At its peak, there were around 70,000 reports of disrupted service for the wireless carrier, according to Downdetector.com, which tracks user reports of telecommunication and internet disruptions.A few days later, AT&T offered customers affected by the outage a $5 credit in an effort to “make it right.” More

  • in

    Public Workers Joined Ring That Stole IDs of Homeless People, D.A. Says

    Eighteen people, including nine New York City public employees, were charged with joining a conspiracy that made ghost guns and defrauded a state Covid relief program.Eighteen people, including nine public employees, engaged in a broad criminal conspiracy that included the manufacture of ghost guns, burglary and defrauding a state pandemic relief program, according to four indictments filed Thursday by the Manhattan district attorney.The defendants include five employees of New York City’s Department of Homeless Services, a letter carrier for the U.S. Postal Service, a worker for the Metropolitan Transportation Authority, an employee of the New York City Housing Authority and a school safety police officer.The Homeless Services workers were involved in a scheme to steal the personal information of homeless people to file for fraudulent benefits, the district attorney, Alvin L. Bragg, said.“This kind of conduct by our public servants is unacceptable and, we allege, criminal,” Mr. Bragg said at a news conference on Thursday.The investigation began in 2022 with suspicions that two people were using 3-D printers to manufacture ghost guns — untraceable firearms that can be assembled at home — in an apartment in the East Village. Evidence uncovered after the execution of a search warrant confirmed that Craig Freeman, 56, and another defendant had used eBay and Amazon to purchase machines and materials to build illegal guns in their homes. Both were employees of the Barbara Kleiman homeless shelter in East Williamsburg, Brooklyn.In the summer of 2022, Mr. Freeman got a text message from a co-defendant saying, “We can make some serious bank.”We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

  • in

    Former New York Election Official Admits to Vote Fraud Scheme

    Jason Schofield, a Republican, pleaded guilty to using voters’ personal information illegally to obtain absentee ballots as a Rensselaer County election commissioner.A former upstate New York election official pleaded guilty on Wednesday to federal identity theft charges arising from his fraudulent use of voters’ personal information to apply for a dozen absentee ballots in 2021.In entering his plea in U.S. District Court in Albany, the former official, Jason Schofield, admitted to requesting the bogus ballots through a state website in his role as the Republican election commissioner in Rensselaer County, federal prosecutors said in a news release.Mr. Schofield’s guilty plea is part of a broader federal inquiry into potential ballot fraud across Rensselaer County, just east of Albany.He or someone working for him sought the ballots from May to October 2021, during elections for county executive, clerk and legislature and municipal races in the cities of Rensselaer and Troy, according to the indictment charging him in the case. At the time, New York State voters were able to request absentee ballots online because of the pandemic.The voters whose names and birth dates Mr. Schofield, 43, used to obtain the ballots either had no interest in voting, absentee or otherwise; had not asked for absentee ballots or his help in getting them; or did not know what he was doing with their information, the indictment says.In several instances, the indictment says, Mr. Schofield had the voters whose names he had used illicitly sign the envelopes the ballots were to be returned in without completing the ballots themselves. That allowed him to fill out the ballots himself and deliver them to the county elections board for processing, the indictment says.Mr. Schofield, a county election commissioner from April 2018 until his resignation last month, admitted on Wednesday that he had falsely certified on the ballot applications that he was the voter requesting the ballots, prosecutors said.He also admitted taking possession of nine of the 12 ballots despite knowing that county election records would show they had gone to the voters whose information he used in the scheme, prosecutors said.His lawyer, Danielle Neroni, declined to comment on the plea.Mr. Schofield is the second public official in Rensselaer County in the past year to admit to engaging in ballot fraud.Last June, Kimberly Ashe-McPherson, a former member of the Troy City Council, pleaded guilty to a federal identity theft charge after being accused of casting three absentee ballots using names other than her own in 2021.Ms. Ashe-McPherson, who resigned from the Council after entering her plea, was helped in the scheme by an unnamed person who worked at the Rensselaer County Board of Elections, according to court documents. She is awaiting sentencing.Mr. Schofield, a former Troy school board president, is scheduled to be sentenced in May. He faces up to five years in prison on each of the 12 counts to which he pleaded guilty, according to the U.S. attorney’s news release, though he is likely to receive a less severe punishment under federal sentencing guidelines.His abrupt resignation from his $90,000-a-year position as election commissioner came about two weeks after Rensselaer County lawmakers approved his reappointment to the job despite the federal charges against him, The Times Union of Albany reported. More

  • in

    He Ordered Celebrities’ Absentee Ballots. Now He’s Under Arrest.

    A criminal complaint filed in Federal District Court claimed that Louis Koch obtained the absentee ballots of public figures, calling the practice a “hobby.”Two years ago, a Manhattan resident, Louis Koch, asked the New York City Board of Elections to mail him absentee ballots for the primary and general elections for 2020, the authorities said.He didn’t stop there.Since then, Mr. Koch has obtained well over 100 absentee ballots in the names of other people, including politicians, journalists and lawyers, without their permission, according to a criminal complaint filed in Federal District Court.But despite ordering all of those ballots, Mr. Koch never cast them in an election. He told F.B.I. agents who interviewed him last month that he collected the ballots “as a hobby,” the complaint said.The hobby may become an expensive one: Mr. Koch, 39, was arrested on July 8 and charged with using false information in voting and identity theft. He was released on a $250,000 bond, pending further legal proceedings. The arrest comes as allegations of election fraud continue to polarize American politics, with false claims spread by former President Donald J. Trump and his supporters. Studies show genuine election fraud is extremely rare in the United States.Even if Mr. Koch’s alleged aim was not to sway an election as opposed to feeding a somewhat unconventional quest for celebrity ballots, it suggests a flaw in the way absentee ballots are made available in New York.According to the complaint, Mr. Koch applied for the absentee ballots by entering his victims’ names, dates of birth, counties of residence and ZIP codes into the elections board’s website. He then directed that the ballots be mailed to his apartment in Manhattan and a family house in Tenafly, N.J., the complaint said.Under the board’s current system, the complaint said, a potential voter can have an absentee ballot sent to an address other than the requester’s as long as they provide the voter’s personal identifying information.In late May, the complaint said, absentee ballots for several current and former politicians from New York were requested from the board, and sent to Mr. Koch’s Manhattan and Tenafly addresses.The elections board, in reviewing its records, identified at least 95 additional absentee ballot requests in the last week of May, which had been submitted in the names of other people, including “recognizable politicians, media personalities and lawyers,” the complaint said.Vincent M. Ignizio, the deputy executive director of the elections board, said Mr. Koch’s activities were detected in early June. The campaign of a sitting state official who was running for re-election told the board that the candidate’s name had been found on a list of people who had requested absentee ballots.But the candidate had not requested one, Mr. Ignizio said. Authorities have not publicly identified the people in whose names prosecutors said Mr. Koch obtained the ballots.The board began investigating, he said, and turned over its findings to the U.S. attorney’s office in Manhattan.“We take ballot security very seriously,” Mr. Ignizio said. “We’re proud we uncovered a potential vulnerability and we’ll continue to tighten up the process in order to ensure that security is paramount.”On June 30, the F.B.I. conducted searches of Mr. Koch’s addresses, the complaint said. In his Manhattan apartment, agents found more than 100 absentee ballots in the names of other people, which had been issued by New York, California and Washington, D.C., for various elections, including the June 28 New York primary.At the Tenafly residence, agents searched Mr. Koch’s childhood bedroom, and seized additional such ballots, the complaint said.The number of absentee ballots cast in New York City has varied in recent years, reaching nearly 684,000 in the November 2020 general election, in which President Biden defeated Mr. Trump; and dipping to 83,000 in the general election a year later, when Eric Adams was elected mayor.Mr. Ignizio said that the board’s investigation found that none of the absentee ballots Mr. Koch was said to have obtained in the names of other people were cast in any election. Nicholas Biase, a spokesman for the U.S. attorney’s office, declined to comment. Mr. Koch is registered as a Democrat, according to a public record of the elections board.Mr. Koch’s lawyer did not respond to requests for comment on his client’s behalf. Mr. Koch had no comment, a family member said.According to the complaint, Mr. Koch, after waiving his Miranda rights, told the F.B.I. agents that he had been ordering ballots in other people’s names since at least 2020, using personal identifying information he obtained from public sources.At one point last year, he said, a relative living in the Tenafly house who was aware he had been obtaining the ballots advised him to stop, according to the complaint.“Koch understood it was ‘foolish’ to continue ordering ballots, but he continued doing it anyway,” the complaint said.When U.S. Magistrate Judge Valerie Figueredo agreed to release Mr. Koch on bail, she imposed several conditions, including one tailored to the allegations in his case.He could not order absentee ballots for himself or anyone else — for any national, state or local election.Alain Delaquérière More